Week 27 in Review – 2010

Resources:

Welcome to Issue 003 of the HITB Magazine! – hitb.org
In conjunction with our first European event, we have lined up an interview with Dutch master lock picker and founder of The Open Organization of Lock Pickers (TOOOL) Barry Wels.

Beyond Fuzzy Hashing – jessekornblum.com
Computers are fantastic at finding identical pieces of data, but terrible at finding similar data. Part of the problem is first defining the term “similar” in any given context.

Wildly successful social engineering – uncommonsensesecurity.com
I am not talking about the “Robin Sage” social media/social engineering case where a lot of people who should know better gave up a lot of information in a lot of different ways.

Detecting Mobile Browsers – marcoramilli.blogspot.com
This web site not only recognizes whether a mobile phone is browsing it, but also provides a great set of open source scripts to detect them.

Vulnerabilities:

YouTube Hit By HTML Injection Vulnerability – slashdot.org
The bug is triggered by placing a <script> tag at the beginning of a post. The tag itself is escaped, but everything following it is cheerfully placed in the page as is.

Researcher given a shake down; vendors using law to stop public disclosure of flaws.
ATM vendors weren’t too happy about that fact and employed legal means to prevent Chiesa from addressing the conference crowd.

On flip side, Researchers retaliate to unfair treatment of another of their kin
The researchers openly stated that they will continue to do so in response to how Microsoft treated Tavis Ormandy, the Google engineer blamed for disclosing a critical Windows bug publicly last month.

U.S. Plans Cyber Shield for Utilities, Companies – wsj.com
The federal government is launching an expansive program dubbed “Perfect Citizen” to detect cyber assaults on private companies and government agencies running such critical infrastructure as the electricity grid and nuclear-power plants, according to people familiar with the program.

Credit Card Hackers Visit Hotels All Too Often – nytimes.com
A study released this year by SpiderLabs, a part of the data-security consulting company Trustwave, found that 38 percent of the credit card hacking cases last year involved the hotel industry.
